LiveActive security incident?Get immediate response
CVE Record

CVE-2022-48805: net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup

In the Linux kernel, the following vulnerability has been resolved: net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup ax88179_rx_fixup() contains several out-of-bounds accesses that can be triggered by a malicious (or defective) USB device, in particular: - The metadata array (hdr_off..hdr_off+2*pkt_cnt) can be out of bounds, causing OOB reads and (on big-endian systems) OOB endianness flips. - A packet can overlap the metadata array, causing a later OOB endianness flip to corrupt data used by a cloned SKB that has already been handed off into the network stack. - A packet SKB can be constructed whose tail is far beyond its end, causing out-of-bounds heap data to be considered part of the SKB's data. I have tested that this can be used by a malicious USB device to send a bogus ICMPv6 Echo Request and receive an ICMPv6 Echo Reply in response that contains random kernel heap data. It's probably also possible to get OOB writes from this on a little-endian system somehow - maybe by triggering skb_cow() via IP options processing -, but I haven't tested that.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2022-48805 is a Linux kernel flaw in the ASIX AX88179/178A USB Ethernet driver. A malicious or faulty USB network adapter can trigger out-of-bounds memory handling and may cause kernel heap data to be exposed in network responses. This mainly matters where untrusted USB devices can be connected.

Executive priority

Prioritize remediation for laptops, shared workstations, labs, and physically accessible systems that allow USB devices. For locked-down servers without USB exposure, urgency is lower but kernel maintenance should still include this fix.

Technical view

The issue is in ax88179_rx_fixup() in the Linux kernel ax88179_178a USB network driver. Improper bounds checks around packet metadata and SKB construction can cause out-of-bounds reads and data corruption. The CVE description states a malicious USB device was tested to leak random kernel heap data via an ICMPv6 Echo Reply.

Likely exposure

Exposure is most likely on Linux systems using the ax88179_178a driver with AX88179/178A USB Ethernet devices. Risk increases on workstations, labs, kiosks, or servers where attackers can attach USB hardware. Remote-only systems without USB device access are less likely exposed.

Exploitation context

The source describes exploitation by a malicious USB device, not remote network traffic alone. It reports tested kernel heap data disclosure and notes possible out-of-bounds writes were suspected but not tested. CISA KEV status is false in the provided bundle, so active exploitation is not established here.

Researcher notes

The CVE record provides detailed root cause in RX fixup bounds handling and SKB construction. Affected version data in the bundle is limited and should be reconciled with distribution kernel backports. No CVSS score, CWE mapping, or public active-exploitation evidence is provided.

Mitigation direction

  • Update Linux kernels to versions containing the referenced stable fixes.
  • Follow your Linux distribution’s advisory for patched kernel packages.
  • Restrict connection of untrusted USB network adapters.
  • Disable or block the ax88179_178a driver if not required.
  • Apply physical USB port controls on high-risk systems.

Validation and detection

  • Inventory Linux systems using USB Ethernet adapters.
  • Check whether the ax88179_178a driver is present or loaded.
  • Compare kernel builds against distribution advisories and referenced stable commits.
  • Confirm patched kernels are installed and running after reboot.
  • Review endpoint controls for unauthorized USB device attachment.
Prepared
Confidence
medium
Sources
10

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2022-48805 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
2ADP providers
9Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CVECVE Program Container
CISA-ADPCISA ADP Vulnrichment
other:ssvc
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxe2ca90c276e1fc410d7cd3c1a4eee245ec902a20, e2ca90c276e1fc410d7cd3c1a4eee245ec902a20, e2ca90c276e1fc410d7cd3c1a4eee245ec902a20, e2ca90c276e1fc410d7cd3c1a4eee245ec902a20, e2ca90c276e1fc410d7cd3c1a4eee245ec902a20, e2ca90c276e1fc410d7cd3c1a4eee245ec902a20, e2ca90c276e1fc410d7cd3c1a4eee245ec902a20, e2ca90c276e1fc410d7cd3c1a4eee245ec902a20unaffected
LinuxLinux3.9, 0, 4.9.303, 4.14.268, 4.19.231, 5.4.180, 5.10.101, 5.15.24, 5.16.10, 5.17affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.